I have a resource in my Integration and the requirement is to use Oauth2.0 for accessing the resource. The resource would be accessed by another application(not end user), IS acts as both resource server and authorization server. We are considering to use the client credentials grant for the same.
But from IS Admin guide, I can find that only auth code grant and implicit grant are supported. Has some one used Client Credentials Oauth Grant and secured REST end points?
Thanks Deepan. I was looking for implementing it for accessing rest v2 service and got to know that feature is not available on restV2 services. I was also able to do it on other services.
Could you please guide me on step by step process of oauth2.0 implementation in integration server. I created the redirect uri and try to get access code browsers but getting errors… service not avalible … could you please help me on this
The client credentials grant is the simplest of the OAuth grants. The client has it’s own credentials and calls the token endpoint directly. There is no redirection involved. You can see the description in the OAuth 2.0 specification. When Integration Server is your OAuth authorization server, the client can simple call pub.oauth:getToken as described in the spec:
4.4.2. Access Token Request
The client makes a request to the token endpoint by adding the
following parameters using the “application/x-www-form-urlencoded”
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:
grant_type
REQUIRED. Value MUST be set to “client_credentials”.
scope
OPTIONAL. The scope of the access request as described by
Section 3.3.
The client MUST authenticate with the authorization server as
described in Section 3.2.1.